GDPR & Analytics

GDPR applies wherever personal data is processed. Cuttly's link analytics is designed to provide meaningful campaign insights while storing only anonymised, aggregated data — no personal data about individual clickers is retained.

Encyclopedia → Compliance & Safety

Definition

GDPR (General Data Protection Regulation) is the EU data protection regulation establishing rights for individuals over their personal data and obligations for organisations that process it. "Personal data" covers any information that relates to an identified or identifiable natural person — including, under certain conditions, IP addresses and device identifiers.

Cuttly is GDPR compliant. The link analytics system is designed to derive the analytics values needed for meaningful reporting — device type, OS, browser, country, referrer, timing — without storing the raw data from which those values are derived. No personally identifiable information about individual link clickers is retained.

What Cuttly's Link Analytics Collects and Stores

Analytics value storedDerived fromWhat is storedRaw data retained?
Device type (mobile / desktop / tablet) User-Agent header analysis Category only — aggregate No — UA string discarded
Operating system User-Agent header analysis Category only — aggregate No — UA string discarded
Browser User-Agent header analysis Category only — aggregate No — UA string discarded
Country Geo-IP lookup from IP address Country only — country-level aggregate No — IP discarded after lookup
Referrer source HTTP Referer header Categorised source — aggregate No — raw Referer discarded
Timestamp Server time of click Click timing data Timing data only
IP address TCP connection Not stored — discarded after geo-IP lookup
Full User-Agent string HTTP header Not stored — discarded after category derivation
Name, email, device ID Not captured Not captured — not stored

The stored analytics data — device type category, OS category, browser category, country, referrer source category and click timing — is aggregate and anonymised. It describes populations of clicks, not individual people. No individual clicker can be identified from the stored data.

How the Data Flow Works

When a visitor clicks a Cuttly short link, the HTTP request arrives at Cuttly's server with request headers and a connecting IP address. The processing sequence:

  1. User-Agent header is parsed → device type, OS and browser category values are derived → raw UA string is discarded
  2. IP address is used for geo-IP lookup → country value is derived → IP address is discarded
  3. Referer header is categorised → source category value is derived → raw Referer is discarded
  4. Server timestamp is recorded
  5. Only the derived aggregate values (device type, OS, browser, country, referrer source, timing) are stored in the analytics database — no raw request data

Server-Side Tracking and Cookie Consent

Cuttly's link analytics tracking is server-side — it operates at the HTTP redirect step, before any page-level code runs on the visitor's device. No cookie is set on the visitor's device as part of this tracking.

Cookie consent requirements (under GDPR's e-Privacy provisions) apply to cookie-based tracking. Because Cuttly's redirect tracking does not set cookies, cookie consent is not required for the link analytics tracking itself in most GDPR interpretations.

Important distinction: attaching retargeting pixels (Meta Pixel, Google Ads tag) to short links does involve the pixel platform's cookies being set on visitor devices. This requires appropriate cookie consent under GDPR's e-Privacy requirements — separate from, and in addition to, the link analytics tracking.

Related Terms

FAQ

Is Cuttly link analytics GDPR compliant?

Yes. Cuttly stores only anonymised aggregate values: device type, OS, browser, country, referrer source, timing. Raw data (IP addresses, User-Agent strings) is used to derive these values and then discarded. No personally identifiable information is retained. No individual clicker can be identified from stored analytics data.

Does Cuttly store IP addresses?

No. IP addresses are used only for geo-IP lookup to derive the country of click origin. After the country value is derived, the IP address is discarded. Only the country-level aggregate value is stored.

Does Cuttly link tracking require a cookie consent banner?

Not for the link analytics tracking itself — it is server-side and sets no cookies. Cookie consent is required if retargeting pixels are attached to links, as those involve third-party cookies being set on visitor devices.

URL Shortener

Cuttly simplifies link management by offering a user-friendly URL shortener that includes branded short links. Boost your brand’s growth with short, memorable, and engaging links, while seamlessly managing and tracking your links using Cuttly's versatile platform. Generate branded short links, create customizable QR codes, build link-in-bio pages, and run interactive surveys—all in one place.

Sign up Pricing

Cuttly More Than Just a URL Shortener

Cuttly is a comprehensive, ever-evolving platform for link shortening that combines innovation and user-friendliness to deliver a seamless experience in managing and shortening URLs.

G2 medal in URL Shortener category - High Performer - Winter 2025 G2 medal in URL Shortener category - Momentum Leader - Winter 2025 G2 medal in URL Shortener category - High Performer - Spring 2025 G2 medal in URL Shortener category - High Performer - Winter 2024 G2 medal in URL Shortener category - High Performer - Spring 2024 G2 medal in URL Shortener category - High Performer - Summer 2024 G2 medal in URL Shortener category - High Performer - Fall 2024 G2 medal in URL Shortener category - Momentum Leader - Fall 2024
Cuttly URL Shortener - Best Support: SoftwareSuggest Award Cuttly is rated 4.5/5 from 54 reviews on SaaSworthy - Most Worthy URL Shorteners Cuttly is rated 4.5/5 from 54 reviews on SaaSworthy - Fastest Growing URL Shorteners Cuttly is rated 4.5/5 from 54 reviews on SaaSworthy - Most Popular URL Shorteners